CVE-2002-1976

NameCVE-2002-1976
Descriptionifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
net-tools (PTS)wheezy1.60-24.2vulnerable
jessie1.60-26vulnerable
buster, sid, stretch1.60+git20161116.90da8a0-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
net-toolssource(unstable)(unfixed)unimportant

Notes

This seems to be a misunderstanding of what the PROMISC flag
is about. ifconfig reports properly when it is set using
"ifconfig promisc".

Search for package or bug name: Reporting problems